IBM X-Force 2013 Mid-Year Trend and Risk Report

Today IBM has released its X-Force® 2013 Mid-Year Trend and Risk Report.

This X-Force® report provides insights into some of the most significant challenges facing security professionals today. 

Highlights include:

  • Social media has become a top target this year, and black markets have cropped up to trade in compromised and fabricated accounts on social media sites.
  • The number of SQL injection (SQLi) security incidents in 2013 continues to rise.
  • The watering hole attack category has been used by attackers to successfully breach several high tech companies and government groups by exploiting trust.
  • More than half of all web application vulnerabilities reported publicly were cross-site scripting (XSS) vulnerabilities. However, the web application vulnerabilities category represented only 31 percent of overall vulnerabilities, and improvements on previous years have been reported.
  • Content Management Systems (CMS) vendors are doing a better job of keeping their products patched as 78 percent of all vulnerabilities in CMS software have been patched in the first half of 2013.

Many of the breaches reported in the last year were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice. Attackers seem to be capitalizing on this "lack of security basics" by using a model of operational sophistication that allows them to increase their return on exploit.

Watering hole attacks, which have continued, are a great example of how operational sophistication is being used to reach targets not previously susceptible: several high tech companies, as well as government agencies, have been successfully breached in past months.

Attackers have demonstrated enhanced technical sophistication in the area of distributed denial-of-service (DDoS) attacks. DDoS methods per se are not advanced, but the method for increasing the amounts of capable bandwidth is a new and powerful way to halt business by interrupting online service.

Mobile devices are still a lucrative target for malware authors. Although mobile vulnerabilities continue to grow at a rapid pace, IBM X-Force researchers still see them as a small percentage of overall vulnerabilities reported in the year.

For more findings on web trends and spam, and to understand the challenges so many enterprises face when it comes to vulnerability management, download your copy of the IBM X-Force® 2013 Mid-Year Trend and Risk Report here.

Thanks for stopping by.